Vulnerability Description
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amarok | Amarok | All versions |
Related Weaknesses (CWE)
References
- http://bugs.gentoo.org/show_bug.cgi?id=166901
- http://bugs.kde.org/show_bug.cgi?id=138499Vendor Advisory
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.htmlVendor Advisory
- http://secunia.com/advisories/23984Vendor Advisory
- http://secunia.com/advisories/24159Vendor Advisory
- http://secunia.com/advisories/24510Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200703-11.xml
- http://www.securityfocus.com/bid/22568
- http://www.vupen.com/english/advisories/2007/0613Vendor Advisory
- http://bugs.gentoo.org/show_bug.cgi?id=166901
- http://bugs.kde.org/show_bug.cgi?id=138499Vendor Advisory
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.htmlVendor Advisory
- http://secunia.com/advisories/23984Vendor Advisory
- http://secunia.com/advisories/24159Vendor Advisory
- http://secunia.com/advisories/24510Vendor Advisory
FAQ
What is CVE-2006-6979?
CVE-2006-6979 is a vulnerability with a CVSS score of 7.5 (HIGH). The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbit...
How severe is CVE-2006-6979?
CVE-2006-6979 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6979?
Check the references section above for vendor advisories and patch information. Affected products include: Amarok Amarok.